IN THE CLAIMS 

This listing of claims will replace all prior versions, and listings, of claims in the application: 

1. (Original) A method performed by a user terminal of a wireless access network, the
method comprising: 

generating a shared secret to be provided to an access point of the wireless access 
network; 

encrypting the shared secret with an access point public key; 

generating an authenticator string, the authenticator string demonstrating possession 
of a user terminal private key; 

sending a message to the access point, the message including the encrypted shared 
secret, a user terminal certificate, and the authenticator string. 

2. (Original) The method of claim 1, wherein the user terminal certificate is scrambled, 
using a pseudo-random sequence generator initialized with a part of the shared secret, before 
being included in the message. 

3. (Original) The method of claim 2, wherein the remainder of the shared secret 
comprises a master secret to be used for symmetric key cryptography between the user 
terminal and the access point. 

4. (Original) The method of claim 1, wherein generating the authenticator string 
comprises generating an authenticator message and signing the authenticator message with 
the user terminal private key. 

5. (Original) The method of claim 4, wherein signing the authenticator message 
comprises: 

generating a digest of the authenticator message; and 

encrypting the authenticator message digest with the user terminal private key. 

6. (Original) The method of claim 4, wherein the authenticator message comprises a
time parameter and at least part of the shared secret. 



7. (Currently Amended) The method of claim 6, wherein the user terminal generates
the authenticator string by speculatively incrementing the time parameter to a time when the
message is to be sent to the access point generating the authenticator message comprises:

pre-calculating a plurality of possible authenticator messages based on a 
corresponding plurality of estimated time parameters; 

receiving an indication of an actual time parameter; and 

selecting a pre-calculated authenticator message that corresponds to the actual 
time parameter.

8. (Currently Amended) The method of claim 7, wherein the time parameter comprises
[[and]] an absolute frame number, and the user terminal speculatively increments the
absolute frame number to be included in the authenticator message from the current absolute
frame number to the absolute number of the frame in which the message is to be sent to the
access point.

9. (Currently Amended) The method of claim 1, wherein the user terminal generates
and encrypts the shared secret prior to identifying the access point by speculatively
encrypting the shared secret with the public keys of a plurality of access points stored in the 
user terminal. 

10. (Original) A method performed by an access point of a wireless access network, the
method comprising: 

receiving a message from a user terminal of the wireless access network, the message 
containing a shared secret encrypted with an access point public key, a user terminal 
certificate, and an authenticator string demonstrating possession by the user terminal of a 
user terminal private key; 

decrypting the shared secret using an access point private key; 

authenticating the user terminal by checking the authenticator string using a user
terminal public key included in the user terminal certificate to verify possession of the user 
terminal private key by the user terminal. 

11. (Original) The method of claim 10, wherein the user terminal certificate is scrambled,
and the access point unscrambles the user terminal certificate using the shared secret. 

12. (Original) The method of claim 10, wherein checking the authenticator string 
comprises decrypting the authenticator string using the user terminal public key. 

13. (Original) The method of claim 12, wherein checking the authenticator string further 
comprises generating an authenticator message, generating a digest of the authenticator 
message, and comparing the authenticator message digest with the decrypted authenticator 
string. 

14. (Original) The method of claim 13, wherein the authenticator message comprises at 
least part of the shared secret. 

15. (Original) The method of claim 10, wherein the user terminal certificate is signed by 
a certificate authority trusted by the access point. 

16. (Original) The method of claim 10, wherein the shared secret is to be used for 
symmetric key cryptography between the access point and the user terminal. 

17. (Original) A user terminal comprising:

a memory to store a user terminal certificate and a shared secret to be provided to an 
access point; 

a processor coupled to the memory to encrypt the shared secret with an access point 
public key, and to generate an authenticator string demonstrating possession of a user 
terminal private key; 

a transmitter coupled to the processor to send a message to the access point, the
message including the encrypted shared secret, the user terminal certificate, and the 
authenticator string. 

18. (Original) The user terminal of claim 17, wherein the processor is further to scramble 
the user terminal certificate using a pseudo-random sequence generator initialized with a part 
of the shared secret, before being included in the message. 

19. (Original) The user terminal of claim 18, wherein the remainder of the shared secret
comprises a master secret to be used for symmetric key cryptography between the user 
terminal and the access point. 

20. (Original) The user terminal of claim 17, wherein the processor generates the 
authenticator string by generating an authenticator message and signing the authenticator 
message with the user terminal private key. 

21. (Original) The user terminal of claim 20, wherein signing the authenticator message
comprises: 

generating a digest of the authenticator message; and 

encrypting the authenticator message digest with the user terminal private key. 

22. (Original) The user terminal of claim 20, wherein the authenticator message 
comprises a time parameter and at least part of the shared secret. 

23. (Currently Amended) The user terminal of claim 22, wherein the processor
generates the authenticator string by speculatively incrementing the time parameter to a time
when the message is to be sent to the access point message by:

pre-calculating a plurality of possible authenticator messages based on a 
corresponding plurality of estimated time parameters; 

receiving an indication of an actual time parameter; and 

selecting a pre-calculated authenticator message that corresponds to the actual
time parameter.



24. (Currently Amended) The user terminal of claim 23, wherein the time parameter
comprises [[and]] an absolute frame number, and the user terminal speculatively increments
the absolute frame number to be included in the authenticator message from the current
absolute frame number to the absolute number of the frame in which the message is to be
sent to the access point.

25. (Currently Amended) The user terminal of claim 17, wherein the memory is further 
to store public keys of a plurality of access points, and the processor generates and encrypts 
the shared secret prior to the user terminal identifying the access point by speculatively 
encrypting the shared secret with the public keys of the plurality of access points. 

26. (Currently Amended) An access point comprising: 

a receiver to receive a message from a user terminal of a wireless access network, 
the message containing a shared secret encrypted by the user terminal with an access point 
public key, a user terminal certificate including a user terminal public key, and an 
authenticator string demonstrating possession by the user terminal of a user terminal private 
key corresponding with the user terminal public key; and 

a processor coupled to the receiver to decrypt the shared secret using an access point 
private key, and to authenticate the user terminal by verifying possession by the user terminal 
of the user terminal private key. 

27. (Original) The access point of claim 26, wherein the user terminal certificate is 
scrambled, and the processor is further to unscramble the user terminal certificate using the 
shared secret. 



28. (Original) The access point of claim 26, wherein the processor verifies possession of 
the user terminal private key by decrypting the authenticator string using the user terminal 
public key. 

Application No. 10/603,424 6 Examiner: T. Arani 

Attorney Docket No. 15685.P208 Art Unit: 2131 



29. (Original) The access point of claim 28, the processor further verifies possession of 
the user terminal private key by generating an authenticator message, generating a digest of 
the authenticator message, and comparing the authenticator message digest with the 
decrypted authenticator string. 

30. (Original) The access point of claim 29, wherein the authenticator message comprises 
at least part of the shared secret. 

31. (Original) The access point of claim 26, wherein the user terminal certificate is signed
by a certificate authority trusted by the access point. 

32. (Original) The access point of claim 26, wherein the shared secret is to be used for 
symmetric key cryptography between the access point and the user terminal. 

33. (Original) A machine-readable medium storing data representing instructions that, 
when executed by a processor of a user terminal, cause the processor to perform operations 
comprising: 

generating a shared secret to be provided to an access point of the wireless access 
network; 

encrypting the shared secret with an access point public key; 

generating an authenticator string, the authenticator string demonstrating possession 
of a user terminal private key; 

sending a message to the access point, the message including the encrypted shared 
secret, a user terminal certificate, and the authenticator string. 

34. (Original) The machine-readable medium of claim 33, wherein the user terminal 
certificate is scrambled, using a pseudo-random sequence generator initialized with a part of 
the shared secret, before being included in the message. 

35. (Original) The machine-readable medium of claim 34, wherein the remainder of the
shared secret comprises a master secret to be used for symmetric key cryptography between 
the user terminal and the access point. 

36. (Original) The machine-readable medium of claim 33, wherein generating the 
authenticator string comprises generating an authenticator message and signing the 
authenticator message with the user terminal private key. 

37. (Original) The machine-readable medium of claim 36, wherein signing the 
authenticator message comprises: 

generating a digest of the authenticator message; and 

encrypting the authenticator message digest with the user terminal private key. 

38. (Original) The machine-readable medium of claim 36, wherein the authenticator 
message comprises a time parameter and at least part of the shared secret. 

39. (Currently Amended) The machine-readable medium of claim 38, wherein the user
terminal generates the authenticator string by speculatively incrementing the time parameter
to a time when the message is to be sent to the access point message by:

pre-calculating a plurality of possible authenticator messages based on a 
corresponding plurality of estimated time parameters; 

receiving an indication of an actual time parameter; and 

selecting a pre-calculated authenticator message that corresponds to the actual 
time parameter.

40. (Currently Amended) The machine-readable medium of claim 39, wherein the time
parameter comprises [[and]] an absolute frame number, and the user terminal speculatively
increments the absolute frame number to be included in the authenticator message from the
current absolute frame number to the absolute number of the frame in which the message is
to be sent to the access point.

41. (Currently Amended) The machine-readable medium of claim 33, wherein the user 
terminal generates and encrypts the shared secret prior to identifying the access point by 
speculatively encrypting the shared secret with the public keys of a plurality of access points 
stored in the user terminal. 

42. (Original) A machine-readable medium storing data representing instructions that, 
when executed by a processor of an access point, cause the processor to perform operations 
comprising: 

receiving a message from a user terminal of the wireless access network, the message 
containing a shared secret encrypted with an access point public key, a user terminal 
certificate, and an authenticator string demonstrating possession by the user terminal of a 
user terminal private key; 

decrypting the shared secret using an access point private key; 

authenticating the user terminal by checking the authenticator string using a user 
terminal public key included in the user terminal certificate to verify possession of the user 
terminal private key by the user terminal. 

43. (Original) The machine-readable medium of claim 42, wherein the user terminal 
certificate is scrambled, and the access point unscrambles the user terminal certificate using 
the shared secret. 

44. (Original) The machine-readable medium of claim 42, wherein checking the 
authenticator string comprises decrypting the authenticator string using the user terminal 
public key. 

45. (Original) The machine-readable medium of claim 44, wherein checking the 
authenticator string further comprises generating an authenticator message, generating a 
digest of the authenticator message, and comparing the authenticator message digest with the 
decrypted authenticator string. 

46. (Original) The machine-readable medium of claim 45, wherein the authenticator
message comprises at least part of the shared secret. 

47. (Original) The machine-readable medium of claim 42, wherein the user terminal 
certificate is signed by a certificate authority trusted by the access point.

48. (Original) The machine-readable medium of claim 42, wherein the shared secret is to 
be used for symmetric key cryptography between the access point and the user terminal. 
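
The exchange recited in claims 1 to 8 and 10 to 14, sketched as an added example that is not part of the filing or of any implementation by the applicant. The toy textbook RSA keys, the SHAKE-256 stream standing in for the pseudo-random sequence generator, the 4/12-byte split of the shared secret and the certificate layout are assumptions made for illustration and offer no real security.

```python
import hashlib, secrets

def keypair(p, q, e=65537):      # toy textbook RSA: no padding, tiny moduli
    n = p * q
    return (n, e), (n, pow(e, -1, (p - 1) * (q - 1)))

def rsa(key, m):
    return pow(m, key[1], key[0])

AP_PUB, AP_PRIV = keypair(2**107 - 1, 2**127 - 1)   # constructed demo keys
UT_PUB, UT_PRIV = keypair(2**61 - 1, 2**89 - 1)
# Constructed stand-in certificate "name|n|e"; the CA signature of claim 15 is omitted.
UT_CERT = b"ut-42|%x|%x" % UT_PUB

def scramble(seed, data):        # XOR with a stream seeded by part of the secret
    stream = hashlib.shake_256(seed).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def auth_message(master, frame): # time parameter plus part of the shared secret
    return frame.to_bytes(8, "big") + master

def digest(msg):                 # truncated so it fits under the toy modulus
    return int.from_bytes(hashlib.sha256(msg).digest()[:16], "big")

def terminal_message(current_frame, actual_frame, window=4):
    secret = secrets.token_bytes(16)
    seed, master = secret[:4], secret[4:]
    # Pre-calculate messages for estimated frame numbers, then select the actual one.
    candidates = {f: auth_message(master, f)
                  for f in range(current_frame, current_frame + window)}
    chosen = candidates.get(actual_frame) or auth_message(master, actual_frame)
    msg = {"enc_secret": rsa(AP_PUB, int.from_bytes(secret, "big")),
           "cert": scramble(seed, UT_CERT),
           "auth": rsa(UT_PRIV, digest(chosen))}  # digest "encrypted" with the private key
    return msg, master

def access_point_verify(msg, frame):
    """Return the master secret if the terminal proved key possession, else None."""
    try:
        secret = rsa(AP_PRIV, msg["enc_secret"]).to_bytes(16, "big")
        seed, master = secret[:4], secret[4:]
        _, n, e = scramble(seed, msg["cert"]).split(b"|")
        recovered = rsa((int(n, 16), int(e, 16)), msg["auth"])
    except (ValueError, OverflowError):
        return None              # secret or certificate did not decode
    return master if recovered == digest(auth_message(master, frame)) else None
```

Because the frame number is bound into the signed digest, the same message presented in a different frame fails verification.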